-
Notifications
You must be signed in to change notification settings - Fork 711
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reselection of DF after failure in sc_pkcs15_decipher
function
#3044
Comments
With 0494e46 in So why limit the test to padding to PKCS#1 v1.5? It looks like ca08e97 from 2011 was trying to: "Limit the number of cases when applicated re-selection of application DF to strict minimum." It calls The PIV card does not depend on this, as it uses the So the real fix maybe removing most if not all of ca08e97 and making sure all card drivers use the Part of 0494e46
|
Correct. I think we were moving most of the card drivers to use the
Yes, that was also my thinking that we should be able to remove this part (not only because it clearly does not play well with the always authenticate keys in PIV). Does anyone have the backup of the old issue tracker? The issue IDs in this old commit, I think, are from the opensc-project.org and not from github. Lets try our luck @viktorTarasov ? |
I agree that always reselecting the applet in case of an error destroys the correct error code. However, In the past, we have removed the use of In my opinion, our best option would be to remove the heuristic introduced with ca08e97, because a) we cannot fix this at the PKCS#11 level and b) |
Sounds like a plan. I would suggest that @xhanulik start with the decrypt, as reselect is causing problems with the "prevent side channel attack" |
Sure, I will take look into it. |
Problem Description
When running
p11test
with the PIV test card and RSA2048 keys, I encountered a problem: thepss_oaep_test
decryption test fails withERROR: [ SKIP 02 ] Re-authentication failed
. I've discovered that thesc_pkcs15_decipher()
function is called twice frompkcs15_prkey_decrypt()
inframework-pkcs15.c
:OpenSC/src/pkcs11/framework-pkcs15.c
Lines 4611 to 4619 in c153e2f
In that failed test, the first
sc_pkcs15_decipher()
returnsSC_ERROR_WRONG_PADDING,
so it is called for a second time. Still, since the token requires authentication before doing the decipher operation, it returnsSC_ERROR_SECURITY_STATUS_NOT_SATISFIED.
This error code is then converted into
CKR_USER_NOT_LOGGED_IN,
the login state is then reset, andp11test
cannot continue sincealways_authenticate()
in the next test case fails.This problem also shows up by only decryption of data with invalid padding with
pkcs11-tool
as the error is(probably) instead of
Proposed Resolution
Not sure; I think that the reselection and second call to
sc_pkcs15_decipher()
inpkcs15_prkey_decrypt()
shouldn't be done after every error code.
Steps to reproduce
Create some bogus data to be decrypted (so after decryption, there isn't valid padding):
Decrypt the data with a token requiring always authenticate:
Output:
Logs
Here is the log starting at the first call to
sc_pkcs15_decrypt()
; it fails due to invalid padding, and then the second attempt tosc_pkcs15_decrypt()
fails withSecurity status not satisfied,
which is the error propagated outside.log.txt
The text was updated successfully, but these errors were encountered: